Yahoo News hacked, story changed

Online news took a hit this week with Yahoo's acknowledgment that a hacker substantially altered a news story that appeared on its site.

The changes, which have since been removed, were made to an Aug. 23 Reuters story about the Russian software programmer Dmitry Sklyarov, who stands accused of violating U.S. copyright law.

According to Yahoo, news of the hack was first reported and brought to the company's attention by SecurityFocus.com this week. A Yahoo representative said the Web portal had taken "appropriate steps to block unauthorized access" to its production tools.

The hacks are the latest in an ongoing headache for online news organizations. Previous incidents include the defacement of
The New York Times Web site and an attack one year ago on the Orange County Register's Web site.

In those incidents, hackers appeared to be using the sites to make a political point or simply to make trouble. But in the attack on Yahoo News, the hacker, Adrian Lamo, said he was acting to demonstrate Yahoo's security lapses, according to the SecurityFocus report.

Some of Lamo's changes were whimsical, but others were substantial factual misrepresentations. For example, Lamo's altered story reported that the Russian hacker faced the death penalty if convicted, SecurityFocus reported.

Lamo also told SecurityFocus that he'd been able to change Yahoo News stories over the course of three weeks and that he had changed other stories in addition to the Aug. 23 Reuters story.

Yahoo would not comment on whether it planned legal action against Lamo over the incidents.

The Yahoo News caper is not Lamo's first warning to a Web company. In May, he brought to light security lapses in Excite@Home's network, which the broadband Internet access provider later thanked him for catching.

Lamo, the founder and a staff writer for the Inside-AOL Web site, was also credited
last year for exposing a hole in America Online's instant-messaging application.